Recent

Author Topic: VIRUS IDP.ALEXA.51  (Read 3359 times)

zogtrog

  • New Member
  • *
  • Posts: 20
VIRUS IDP.ALEXA.51
« on: April 13, 2019, 07:17:46 pm »
Hi,
    I installed the latest windows 32 bit version of lazarus this morning from source forge.

https://sourceforge.net/projects/lazarus/files/Lazarus%20Windows%2032%20bits/Lazarus%202.0.0/lazarus-2.0.0-fpc-3.0.4-win32.exe/download

I was messing around making a test web server project using webfp  when the AVG behaviour sheild informed me it had detected VIRUS IDP.ALEXA.51 inside lazarus.exe. I am assuming this is a false positive ?

lucamar

  • Hero Member
  • *****
  • Posts: 4219
Re: VIRUS IDP.ALEXA.51
« Reply #1 on: April 13, 2019, 07:40:09 pm »
I am assuming this is a false positive ?

It may well be but do a virus scan of your full system, just in case it isn't: if other files appear to be infected with the same virus then it's not a false positive (obviously).
Turbo Pascal 3 CP/M - Amstrad PCW 8256 (512 KB !!!) :P
Lazarus/FPC 2.0.8/3.0.4 & 2.0.12/3.2.0 - 32/64 bits on:
(K|L|X)Ubuntu 12..18, Windows XP, 7, 10 and various DOSes.

zogtrog

  • New Member
  • *
  • Posts: 20
Re: VIRUS IDP.ALEXA.51
« Reply #2 on: April 13, 2019, 07:48:16 pm »
i am running a deep scan already. I ran a quick scan yesterday which was clear.

ASerge

  • Hero Member
  • *****
  • Posts: 2222
Re: VIRUS IDP.ALEXA.51
« Reply #3 on: April 13, 2019, 08:04:33 pm »
Also check the hash.
For Windows run in cmd:
cerutil -hashfile lazarus-2.0.0-fpc-3.0.4-win32.exe MD5
and compare result with checksums at https://www.lazarus-ide.org/index.php?page=checksums#2_0_0

Thaddy

  • Hero Member
  • *****
  • Posts: 14197
  • Probably until I exterminate Putin.
Re: VIRUS IDP.ALEXA.51
« Reply #4 on: April 13, 2019, 08:50:57 pm »
Just in case: is your software all up-to-date?
See https://support.avg.com/answers?id=906b0000000LTe4AAG
Specialize a type, not a var.

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 9791
  • Debugger - SynEdit - and more
    • wiki
Re: VIRUS IDP.ALEXA.51
« Reply #5 on: April 13, 2019, 09:08:05 pm »
You can check the downloads to be unmodified by looking at the checksum
https://www.lazarus-ide.org/index.php?page=checksums
https://www.microsoft.com/en-us/download/details.aspx?id=11533 for microsofts fciv to checksum the file on your disk.

The windows installers are uploaded to virustotal (you can search by checksum)
https://www.virustotal.com/gui/file/fb64be2210c3583f3a184a4a3acc2342624582f7d946ab06d4faf64c81e0326d/detection
and sometimes to
https://metadefender.opswat.com/results#!/file/FB64BE2210C3583F3A184A4A3ACC2342624582F7D946AB06D4FAF64C81E0326D/hash/multiscan

As you can see they have one "possible detection", which in this case is a false positive.

This kind of "generic..." detection is often some kind of guess by the AV engine. And the IDE gets its share of false positives.
Most AV companies have an upload site for false positives. They will then whitelist the software, if indeed it is harmless. But for the IDE that is not useful, as every time you install/remove a package you rebuild it, and therefore change it.

But when you get a report, you can always verify it at virustotal or other metascan sites.

zogtrog

  • New Member
  • *
  • Posts: 20
Re: VIRUS IDP.ALEXA.51
« Reply #6 on: April 13, 2019, 09:24:14 pm »
The check sum appears to be okay, but worryingly my antivirus scan has been stuck at 28% for the last half anhour. I updated AVG immediately before running running the deep scan. I been having problems with the windows start menu freezing since a windows update yesterday as well.

I also rebulit lazarus with webfp immediately after I installed it.

D:\down>certutil -hashfile lazarus-2.0.0-fpc-3.0.4-win32.exe MD5
MD5 hash of lazarus-2.0.0-fpc-3.0.4-win32.exe:
1b634f5fac8b0c7edc0bd49e72ecbefc
CertUtil: -hashfile command completed successfully.

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 9791
  • Debugger - SynEdit - and more
    • wiki
Re: VIRUS IDP.ALEXA.51
« Reply #7 on: April 13, 2019, 09:37:49 pm »
An alternate way of scanning is getting a scanner that boots from dvd or usb stick.

There is Desinfect by the German CT magazine. But it is not free.

Or google. I found this: (page is in German...)
https://www.eset.com/de/support/sysrescue/

There should be others.

From my last/old PC, I made the experience that OS hangs / slow down etc, can be caused by disk/filesystem errors. So running checkdisk may be an option too.

There are also tools (IIRC even by microsof) to create an emergency windows 10 boot dvd/stick.  You can always do that at a friends pc.

zogtrog

  • New Member
  • *
  • Posts: 20
Re: VIRUS IDP.ALEXA.51
« Reply #8 on: April 15, 2019, 07:29:34 am »
I ran a boot scan on my computer using AVG, I ran a system scan through spybot SD and a scan using spy hunter 5 which is supposed to to be able to detect and remove this particular virus, and all the scans came back clean.
I submitted the version of lazarus.exe I had compiled myself  to VirusTotal and it came back clean as well. So I think it's safe to assume that on this occasion the AVG Behaviour shield came up with a false detection.

Oh yeah - thanks for all the help and support you guys gave me with this problem, it was much appreciated.
 :)
« Last Edit: April 15, 2019, 07:31:11 am by zogtrog »

 

TinyPortal © 2005-2018